Nagle Catholic College hit with highly sophisticated cyber attack

• The compromised information includes parents’ bank account details, credit card information, and the signatures scanned when parents paid school fees.
• The widespread attack also targeted other education institutions known for their financial services.

Nagle Catholic College in Geraldton, Australia suffered a highly sophisticated cyber attack compromising parents banking details.

What happened?

The educational institution has been targeted in a four-day ‘highly sophisticated and automated’ cybersecurity attack, which began on June 11, 2019. The widespread attack also targeted other education institutions known for their financial services.

Rob Crothers, Principal at Nagle Catholic College said that the attack started after someone opened a malicious link in a phishing email sent to the college.

What information was compromised?

The compromised information includes parents’ bank account details, credit card information, and the signatures scanned when parents paid school fees.

“Parents who may have provided information relating to accounts from which to take fee payments or to make payments to the school could have been compromised if they were sent by email format,” Crothers said to ABC.

What was the immediate action taken?

• NCC reported the incident to Catholic Education Western Australia (CEWA), the umbrella body for Catholic schools in the state, and the Office of the Australian Information Commissioner.
• CEWA is working closely with cybersecurity experts to investigate and address the data breach incident.
• CEWA follows a stringent reporting process and has notified the parents about the breach.
• The educational institution has requested the parents to remain vigilant and review their bank account statements for any suspicious activity.
• Further, NCC has hired a security firm to enhance the school’s cybersecurity.

“In the long term, what we need to do is look at developing different processes for the handling of this information and provide parents with a different format so they can communicate the same information and not be susceptible through any future email attacks or hacks,” Crothers said.

“CEWA has systems and measures in place to monitor and respond to cyber security incidents and continues to work closely with cybersecurity experts to mitigate and address a potential breach. In instances where a breach may have occurred, CEWA follows a stringent reporting process including notification to those who may be affected,” a spokesperson for CEWA said, The West Australian reported.